CVE-2020-13798: XSS
First published: Wed Jun 03 2020(Updated: )
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Naviwebs Navigate CMS | <=2.8.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-13798?
CVE-2020-13798 is a vulnerability in Navigate CMS through 2.8.7 that allows for cross-site scripting (XSS) attacks.
How severe is CVE-2020-13798?
CVE-2020-13798 has a severity rating of 6.1 (medium).
How does CVE-2020-13798 occur?
CVE-2020-13798 occurs due to a lack of purify calls in lib/packages/feeds/feed.class.php in Navigate CMS.
What software versions are affected by CVE-2020-13798?
Navigate CMS versions up to and including 2.8.7 are affected by CVE-2020-13798.
How can I fix CVE-2020-13798?
To fix CVE-2020-13798, it is recommended to update Navigate CMS to a version that includes the fix, such as version 2.8.8 or later.
- collector/nvd-index
- vendor/naviwebs
- canonical/naviwebs navigate cms
- version/naviwebs navigate cms/2.8.7